0

When I search for software in the Ubuntu Software Center, how do I know whether or not software is trustworthy to download?

On Windows, I came to be careful about downloading just anything because it might be packaged with adware, or possibly even malicious code.

For example, I found the Metadata Anonymization Tool (website here) in the software centre.

  • 1
    Define trustworthy. Also, what is your example supposed to indicate? – muru Dec 12 '16 at 10:14
  • @muru Trustworthy = highly unlikely to contain intrusive, malicious, or any code otherwise intended for a purpose other than what is the plain purpose of the app. The second part of your question: Nothing particular about that example. I just am looking for assistance on the thought process that one should go through when deciding what to execute on your computer. – Drawninpictures Dec 12 '16 at 23:08

2 Answers

4

All of the software on the Ubuntu Software Center is safe and is maintained / verified, reviewed / developed by known developers (either from Debian or Ubuntu) and that's the reason it is in the Ubuntu repositories.

A riskier business is installing applications from third-party sources, which is done by adding a Personal Package Archive (PPA) to your system. After a PPA is added, it is trusted by the system, and any updated software from that PPA will be updated automatically. Well, if some developer goes rogue and makes malicious software, then that application will come in as an update if that particular PPA was added. Hence, adding PPAs should be done cautiously.

Read more in the following excellent links.

  1. Which Ubuntu repositories are totally safe and free from malware?
  2. Are PPA's safe to add to my system and what are some "red flags" to watch out for?
  3. Is there any guarantee that software from Launchpad PPAs is free from viruses and backdoor threats?

Case where the user compiles and installs using make/cmake

Generally, some libraries, custom compilers and customized applications which are system build and parameter dependent (need configure) are installed that way. Hence, this software usually comes from known developers, researchers, scientists, companies, GNU developers, etc.
However, exercise caution and use your experience while building software from source. Don't just blindly build any piece of code!

ankit7540
  • Thank you, that answered my question. So in Ubuntu, I can go to Security and Update Settings and select which Software & Updates Ubuntu will download. According to Link 1 you provided, I can download updates from Main, Multiverse, Universe, and Restricted, but what about Source Code? – Drawninpictures Dec 12 '16 at 23:45
  • @Drawninpictures For the source code from some other sites the user needs to be careful. – ankit7540 Dec 14 '16 at 12:51
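
Added example, not part of the answer above: because an added PPA is trusted for every later update, a useful check is to list which enabled APT sources point somewhere other than the official Ubuntu archive. The sketch below reads the classic one-line `.list` format only; the owner name `example-owner`, the host `apt.vendor.example` and all sample entries are constructed.

```shell
#!/bin/sh
# Added example: report active APT sources that are not the official Ubuntu archive.
# Covers the one-line "deb ..." format in *.list files only (not deb822 *.sources).

# classify_host HOST -> prints "official", "ppa" or "other"
classify_host() {
    case "$1" in
        archive.ubuntu.com|*.archive.ubuntu.com|security.ubuntu.com|ports.ubuntu.com)
            echo official ;;
        ppa.launchpad.net|ppa.launchpadcontent.net)
            echo ppa ;;
        *)  echo other ;;
    esac
}

# list_third_party_sources DIR
# Prints "KIND HOST FILE" once per active non-official source found in DIR/*.list.
# Commented-out entries are ignored because their first field is not deb/deb-src.
list_third_party_sources() {
    for f in "$1"/*.list; do
        [ -f "$f" ] || continue
        # Drop "[arch=... signed-by=...]" option blocks, then take the URI field.
        sed 's/\[[^]]*\]//' "$f" | awk '$1 == "deb" || $1 == "deb-src" { print $2 }' |
        while read -r uri; do
            host=${uri#*://}; host=${host%%/*}
            kind=$(classify_host "$host")
            [ "$kind" = official ] || echo "$kind $host ${f##*/}"
        done
    done | sort -u
}

# make_sample_dir -> creates a temp dir with constructed source files, prints its path
make_sample_dir() {
    d=$(mktemp -d)
    printf '%s\n' 'deb http://archive.ubuntu.com/ubuntu xenial main universe' \
        'deb http://security.ubuntu.com/ubuntu xenial-security main' \
        '# deb http://ppa.launchpad.net/disabled-owner/ppa/ubuntu xenial main' \
        > "$d/sources.list"
    printf '%s\n' 'deb http://ppa.launchpad.net/example-owner/example-ppa/ubuntu xenial main' \
        'deb-src http://ppa.launchpad.net/example-owner/example-ppa/ubuntu xenial main' \
        > "$d/example-ppa.list"
    printf '%s\n' 'deb [arch=amd64 signed-by=/usr/share/keyrings/vendor.gpg] https://apt.vendor.example/stable stable main' \
        > "$d/vendor.list"
    echo "$d"
}

# Demo on the constructed sample.
sample=$(make_sample_dir)
list_third_party_sources "$sample"
rm -rf "$sample"
```

On a real system, point the function at `/etc/apt` and `/etc/apt/sources.list.d`; every line it prints is a source whose updates you are trusting in addition to the Ubuntu repositories.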
-1

I normally presume that all downloads through Ubuntu Software Center are safe. You can use the reviews to check the user feedback on this software.

Also, if you are using an external PPA, there is a risk that you are opening the door to unsafe scripts. Use only the PPAs you trust.

user227495